(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 
International Bureau 




(43) International Publication Date (10) International Publication Number 

29 March 2001 (29.03.2001) PCX WO 01/22724 Al 



(51) Interaational Patent Classification^: H04N 5/00, 
7/16. 7/167 

(21) International AppUcation Number: PCr/EPOO/08439 

(22) International Filing Date: 30 August 2000 (30.08.2000) 

(25) Filing Language: English 

(26) Publication Language: English 
(30) Priority Data: 



99/11901 



23 September 1999 (23.09.1999) PR 



(71) Applicant (for all designated States except US): THOM- 
SON MULTIMEDIA [FR/FR]; 46. quai Alphonse Le 
GaUo, F-92100 Boulogne-Billancourt (FR). 

(72) Inveiyor; and 

(75) Invcmor/Applicant (for US only): MORCEL, St^phane 
[FR/FR]; Thomson Multimedia, 46, quai Alphonse Le 
GaUo. F-92648 Boulogne Cedex (FR). 



(74) Agent: KOHRS, Martin; Thomson Multimedia, 46, quai 
Alphonse Le Gallo, F-92648 Boulogne (FR). 

(81) Designated States (national): AE. AG, AL, AM, AT, AU, 
AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CR, CU, CZ, 
DE, DK, DM, DZ, EE, ES, H, GB, GO, GE, GH, GM, HR, 
HU. ID, IL, IN. IS. JP. KE, KG. KP, KR. KZ. LC. LK, LR. 
LS, LT, LU, LV, MA. MD, MG. MK, MN. MW. MX, MZ. 
NO, NZ. PL. FT. RO, RU. SD. SB, SG. SI, SK, SL, TJ, TM. 
TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW. 

(84) Designated States (regional): ARJPO patent (GH, GM, 
KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian 
patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European 
patent (AT, BE, CH. CY, DE. DK, ES, FI, FR, GB. GR, IE. 
IT, LU, MC. NL. PT. SE), OAPI patent (BF, BJ. CF. CG, 
a. CM. GA. GN. GW, ML, MR. NE. SN. TO, TG). 

Published: 

— With international search report. 

For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations " appearing at the begin- 
ning of each regular issue of the PCT Gazette. 



(54) Title: MULTIMEDIA DIGITAL TERMINAL AND DETACHABLE MODULE COOPERATING WITH THE TERMINAL 
COMPRISING AN INTERFACE PROTECHED AGAINST COPYING 



o 
O 




53- 
52- 

51- 
50- 



SESSION 



TRANSPORT 



LINK 



PHYSICAL 
* 



TERMINAL 





CA 




VAPPLICATION 






NvStandard API 




SESSION 


^62 


TRANSPOnr 


•LINK 


PHYSICAL 




\ 


MODULE 



rrcoM 



(57) Abstract: The terminal (I) receives a scrambled data stream (TS(D.EMB.)) in which the control words (CW) having served to 
scramble the data are transmitted in encrypted form. It transmits, via a first interface (TITS), this stream to a detachable module (2) 
containing the conditional access system specific to the service provider supplying the data. The module (2) extracts from the stream 
and decrypts the control words (CW) before transmitting them to the terminal, via a second interface (TTCOM). These control words 
are used by a descrambler (16) of the terminal to descramble the data. The data stream leaving the module (TS*(DJEMB.)) contains 
only scrambled data, thus guaranteeing better protection against copying. 
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Multimedia digital terminal and detachable module 
cooperating with the terminal comprising an interface 
protected against copying 



5 The present invention relates to the field of 

conditional access systems for multimedia digital 
terminals. It relates more particularly to a multimedia 
digital terminal as well as to a detachable module 
associated with this terminal for implementing a 
10 conditional access system, in which the interface between 
the terminal and the module is protected against illicit 
copying. 

The invention has been embodied within the 
context of the so-called DVB-CI interface (the initials 

15 standing for "Digital Video Broadcasting - Common 
Interface" which is described in particular in European 
Standard EN 50221 published by CENELEC (Comite Europeen 
de Normalisation Electrotechnique) . 

This DVB--CI common interface has been defined by 

20 the DVB group so as to allow standardization of digital 
receiving equipment whilst allowing service providers 
supplying the data, (for example suppliers of Pay TV 
programmes) to remain proprietors of the conditional 
access system and of the corresponding security elements. 

25 This is because a conditional access system must be 
envisaged whenever it is necessary to control access to 
broadcast data. However, the service providers supplying 
the data wish to preserve a specific conditional access 
system. By virtue of the DVB-CI interface, the specific 

30 proprietary elements can be integrated into a module 
which is separate from the standardized parts of the 
terminal which receive and decode the digital video data 
or the service data. Thus, the proprietary elements can 
be manufactured and sold separately from the terminals, 

35 thereby making their distribution easier. The module is 
referred to as a "DVB-CI module" by extension. 
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The aforesaid European standard describes in 
particular the hardware and software architecture of the 
common interface between a server (the host) and one or 
more DVB-CI modules connected to the server. 
5 We have represented this architecture in Figure 

1. The host server 1 is a multimedia digital terminal 
such as a decoder of programmes broadcast by satellite or 
by cable, a video recorder or a personal computer, to 
which may be connected one or more modules 2. The module 

10 2 is a detachable device which cannot operate alone but 
which is intended to execute certain specific tasks in 
association with the host server, in particular the 
implementation of a conditional access system or of an 
electronic programme guide. To do this, the module can 

15 access resources, that is to say software or hardware 
functional units, of the host server. The aforesaid 
common interface standard defines for this purpose a 
certain number of objects able to be exchanged between 
the module and the host server and allowing the module to 

20 use the resources of the host server. 

Within the framework of the standards defined by 
the DVB group, the digital data are transmitted in the 
form of an information stream coded according to the MPEG 
2 standard (ISO/IEC 13818-1), but naturally any other 

25 data transport standard can be used within the framework 
of the invention. 

The digital terminal 1 of Figure 1 comprises a 
tuner/demodulator 10 which receives a signal S, emanating 
from a satellite antenna or from a cable network, and 

30 which outputs a digital data stream transmitted in the 
form of packets, and referred to as the TS (standing for 
"Transport Stream") in the aforesaid MPEG 2 standard, and 
containing the services supplied by providers. 

The data stream TS comprises, in a known manner, 

35 packets of data supplied by various service providers 
and, so as to guarantee that the data reach only those 
users having acquired the right to receive them (for 
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example by means of a subscription to the service), these 
data are transmitted whilst being scrambled by control 
words CW. 

In order to descramble the data, the service 
5 provider also supplies the users with the control words 
having served to scramble the data. So as to keep the 
control words secret, they are supplied after having been 
encrypted with an algorithm with key K. The various 
encrypted control words are sent to the users in control 

10 messages, commonly denoted ECMs (the abbreviation ECM 
standing for "Entitlement Control Message") transmitted 
in the data stream TS. The control words are thereafter 
decrypted in a secure processor containing the key K, the 
secure processor being included within a security 

15 element, for example a smart card, which is supplied to 
the users. 

Returning to Figure 1, TS(D.EMB.) therefore 
denotes the data stream TS containing the data in 
scrambled form. In accordance with the principle defined 

20 in the aforesaid standard EN 50221, all the elements of 
the conditional access system which are specific to the 
service provider are contained in the detachable module 2 
which receives the data stream TS(D.EMB.) from the 
digital terminal 1 across the DVB-CI common interface. 

25 The module 2 comprises a microcontroller 21, in 

which the access control software application CA specific 
to the service provider is executed. It furthermore 
comprises a component 22 referred to as demultiplexer 
which receives the data stream TS(D.EMB.) so as to 

30 extract therefrom the video or audio data packets 
corresponding to a service which the user wishes to view 
or so as to extract therefrom data packets containing so- 
called "service" information, such as control messages 
ECM . The video or audio data packets are sent to a 

35 descrambler 23 contained in the module 2 whilst the 
messages ECM are sent to a smart card 3 which has been 
inserted into the module 2 and which contains, in a 
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secure processor 30, the key K having served to encrypt 
the control words. The decryption of the control words 
contained in the messages ECM is performed by the secure 
processor 30 which outputs the control words CW 
5 unenciphered to the descrambler 23 situated in the module 
2. The descrambler 23 is thus in a position to descramble 
the video or audio data packets received from the 
demultiplexer 22 by virtue of the control words CW which 
it receives from the smart card 3. It outputs a digital 
10 data stream TS(D.DES.) in which the data packets 
corresponding to the service which has been selected by 
the user are descrambled. 

The data stream TS(D.DES.) is transmitted to the 
digital terminal 1 via the DVB-CI common interface. It is 
15 more particularly transmitted to an MPEG decoder 14 of 
the terminal which supplies the audio and video outputs 
of the terminal which can be read directly by an 
apparatus such as a television. 

The terminal 1 also comprises a microcontroller 
20 11 in which the various software applications of the 
terminal are executed. 

The DVB-CI common interface in fact comprises two 
logic interfaces: 

the first, the interface of the data stream 
25 ITTS, constitutes a bi-directional bus and transports the 
digital data packets of the TS stream in both directions 
between the terminal 1 and the module 2 according to the 
MPEG 2 transport standard. From the terminal to the 
module, the stream TS(D.EMB.) transmitted via the ITTS 
30 interface is a scrambled data stream whilst in the other 
direction stream TS(D.DES)), and on condition that the 
module 2 allows access to the data selected by the user 
(that is to say that it contains the elements of the 
conditional access system of the service provider which 
35 are necessary for descrambling the said data) , the 
packets containing the selected data are returned 
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descrambled whilst the remainder of the TS stream remains 
unchanged; 

the second, the command interface ITCOM, 
transmits commands in both directions between the 
5 terminal 1 and the module 2 (more particularly between 
the microcontrollers 11 and 21) by way of the objects (or 
primitive functionalities) defined in the standard and 
which were mentioned above. 

A notable drawback of the system just described 

10 is that certain data flow unenciphered at the DVB-CI 
common interface level (in the stream TS(D.DES.)- In 
actual fact, data broadcasters are becoming increasingly 
preoccupied by illicit copies which may be made from the 
data which these broadcasters transmit, all the more so 

15 when these data are transmitted in digital form as is the 
case in the present instance, and they are asking for 
means of protection against copying to be set in place. 

The current DVB-CI common interface cannot 
guarantee this protection against copying since, the 

20 module 2 being detachable, it is possible for a pirate to 
connect a digital recorder to a connection port across 
which the stream TS(D-DES.) travels and to record the 
data packets which flow unenciphered. 

A purpose of the present invention is to solve 

25 the aforesaid problems by providing means of ensuring 
protection against copying at the level of the common 
interface between a digital terminal and a module which 
are linked together by an interface of the DVB-CI type. 

The invention therefore relates to a multimedia 

30 digital terminal intended for receiving a stream of 
digital data scrambled by control words, the control 
words being contained in the stream in encrypted form, 
and intended to cooperate with a detachable module for 
descrambling the data stream. The terminal is able to 

35 transmit the scrambled data stream to the detachable 
module. According to the invention, the terminal is 
furthermore capable of receiving from the detachable 
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module the decrypted control words, and it comprises a 
descrambler capable of descrambling the digital data 
stream by using the control words received from the 
detachable module. 
5 The descrambling of the data is therefore 

performed solely in the decoder and no data item now 
travels unenciphered at the level of the interface 
between the terminal and the detachable module. The risks 
of illicit copies are therefore considerably reduced by 
10 virtue of the invention. 

According to a preferred embodiment of the 
invention, the digital terminal is furthermore able to 
receive from the detachable module the scrambled digital 
data stream, wherein the data stream received by the 
15 terminal is not modified relative to the data stream 
transmitted by the terminal. 

According to another embodiment, the digital 
terminal is able to receive from the detachable module 
the scrambled digital data stream from which, relative to 
20 the data stream transmitted by the terminal, the data 
packets containing the control words have been removed. 

According to another aspect of the invention, the 
terminal is able to transmit the scrambled data stream to 
the detachable module across a first interface with the 
25 detachable module, and it is furthermore capable of 
receiving from the detachable module the decrypted 
control words across a second interface with said module. 

According to another particular characteristic of 
the invention, the terminal is furthermore able to 
30 receive from the detachable module, across the first 
interface, the scrambled digital data stream. 

The invention also relates to a multimedia 
digital terminal intended for receiving a stream of 
digital data scrambled by control words, the stream of 
35 data containing the control words encrypted using a first 
key, and intended to cooperate with a detachable module 
for descrambling the data stream. The terminal is able to 
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transmit the scrambled data stream to the detachable 
module across a first interface with the detachable 
module. According to the invention, the terminal is 
furthermore capable of receiving from the detachable 
5 module the decrypted control words which are encrypted 
using a second key before being transmitted across a 
second interface with the module. The terminal also 
comprises means for decrypting the. control words received 
from the detachable module using the second key; and a 

10 descrambler capable of descrambling the digital data 
stream by using the decrypted control words. 

Thus, in addition to the data which travel at the 
level of the first interface between the module and the 
terminal only in scrambled form, the control words are 

15 also encrypted so as to travel at the level of the second 
interface, thereby further increasing the security of the 
assembly. 

The invention also relates to a module intended 
for cooperating with a digital terminal as described 

20 above, this module being able to receive from the 
terminal a scrambled digital data stream. According to 
another aspect of the invention, the module is 
furthermore capable of extracting from the data stream 
the control words having served to scramble the digital 

25 data; of decrypting the control words; and of 
transmitting the decrypted control words (CW) to the 
terminal. 

According to another aspect of the invention, the 
module is furthermore adapted for returning the scrambled 
30 digital data stream to the terminal without modifying the 
stream. 

According to yet another aspect of the invention, 
the module is furthermore adapted for returning the 
scrambled digital data stream to the terminal by 
35 removing, relative to the data stream transmitted by the 
terminal, the data packets containing the control words. 
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According to another characteristic of the 
invention, the module is able to receive the digital data 
stream across a first interface with the terminal, and it 
is furthermore capable of transmitting the. decrypted 
5 control words to the terminal across a second interface 
with the terminal. 

According to a particular embodiment of the 
invention, the module is able to cooperate with a 
detachable security element for decrypting the control 
10 words, the module being capable of extracting from the 
digital data stream messages containing the encrypted 
control word; of transmitting the messages to a security 
element inserted into the module; of receiving from the 
security element the decrypted control words; and of 
15 transmitting the decrypted control words to the digital 
terminal with which it cooperates. 

The invention also relates to a module intended 
for cooperating with a digital terminal as described 
above, the module being able to receive from the terminal 
20 a scrambled digital data stream across a first interface 
with the terminal. According to the invention, the module 
is furthermore capable of extracting from the data stream 
the control words having served to scramble the digital 
data; of decrypting the control words and encrypting the 
25 control words using a second key; and of transmitting the 
encrypted control words to the terminal across a second 
interface with said terminal. 

The invention also relates to a method for 
descrambling a stream of digital data, scrambled by 
30 control words, which is received by a multimedia digital 
terminal, the control words being contained in the stream 
in encrypted form. The method comprises a first step 
consisting in transmitting the scrambled data stream to a 
detachable module. It furthermore comprises the steps 
35 consisting, for the detachable module, in extracting from 
the data stream the control words having served to 
scramble the digital data; in decrypting said control 
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words; and in transmitting the decrypted control words to 
the terminal. 

The invention also relates to a method for 
descrambling a stream of digital data, scrambled by 
5 control words, which is received by a multimedia digital 
terminal, the stream of data containing the control words 
encrypted using a first key. The method comprises a first 
step consisting in transmitting the scrambled data stream 
to a detachable module. According to the invention, it 
10 furthermore comprises the steps consisting, for the 
detachable module, in extracting from the data stream the 
control words having served to scramble the digital data; 
in decrypting the control words; in encrypting the 
control words with using a second key; and in 
15 transmitting the encrypted control words to the terminal. 
The method furthermore comprises the steps consisting, 
for the terminal, in decrypting the control words using 
the second key; and in descrambling the digital data 
stream by using said decrypted control words. 
20 The invention also relates to a method for 

transferring control words between a module as described 
above and a digital terminal also described above. This 
method consists essentially: 

for the module, in sending a first 
25 identification object to the terminal; 

for the terminal, in sending, in response to 
the first object, a second identification object 
indicating whether the terminal is or is not able to 
receive the control words from the module; and 
30 - for the module, in the event of a positive 

response with the second object, in sending the control 
words enclosed in a third object. 

Other characteristics and advantages of the 
invention will become apparent on reading a particular, 
35 non-limiting embodiment of the invention given with 
reference to Figures 1 to 4, among which: 
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Figure 1, described above, represents a 
digital terminal into which is plugged a DVB-CI module 
according to the prior art; 

Figure 2 represents a digital terminal into 
5 which is plugged a module according to the principle of 
the invention; 

Figure 3 diagrammatically represents a part of 
the common interface between a digital terminal and a 
module such as those of Figure 2; 
10 - Figure 4 illustrates a protocol for 

communication across the part of the common interface 
represented in Figure 3. 

Represented in Figure 2 are a digital terminal 1 
together with a module 2 connected to the terminal via an 
15 interface which is improved relative to the DVB-CI 
interface so as ensure better protection against copying 
at the level of this interface. 

The elements which are similar to those of Figure 
1 described earlier bear the same reference numbers and 
20 will not be described further. 

In the embodiment of the invention illustrated in 
Figure 2, it will be considered that the digital terminal 
1 is a decoder receiving programmes from various service 
providers via cable or via a satellite antenna. 
25 A module 2 containing the specific elements of 

the conditional access system of a first service provider 
is connected to this decoder. 

According to the principle of the invention, the 
data stream TS'(D.EMB.) leaving the module 2 via the 
30 interface ITTS contains only data in scrambled form. The 
module 2 extracts only the control words CW from the 
stream TS(D.EMB.) received so as to transmit them, once 
decrypted, to the decoder. The descrambling of the data 
is performed only in the decoder 1 by virtue of a 
35 descrambler 16 contained in the decoder. Thus, the 
digital data are no longer available unenciphered at the 
level of the ITTS interface and illicit copying is, if 
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not eliminated, at least made much more complex than in 
the prior art. 

To do this, as in the prior art, the module 2 
comprises a demultiplexer 22 which extracts the ECM 
5 control messages from the data stream TS(D.EMB.) received 
and which transmits them to a smart card 3 inserted into 
the module. The secure processor 30 of the smart card 
decrypts the control words CW contained in the ECM 
messages and it transmits them to the module 2. 

10 According to a preferred embodiment of the 

invention, the control words CW are transmitted from the 
module 2 to the decoder 1 across the control interface 
ITCOM. The details of the transmission of the control 
words via the ITCOM interface will be explained later in 

15 conjunction with Figures 3 and 4. 

Preferably, the data stream TS(D.EMB.) which is 
received by the module 2 is retransmitted as is to the 
decoder (link 29) without being modified (TS'{D.EMB) = 
TS(D.EMB.)). It is received in the decoder by a 

20 demultiplexer 15 which extracts the video or audio data 
packets corresponding to the programme which the user 
wishes to view and which transmits them to the 
descrambler 16 so as to be descrambled before being 
transmitted to the MPEG decoder 14. For this purpose the 

25 descrambler 16 receives the control words CW from the 
module 2 via the ITCOM interface. 

According to a first variant embodiment, the 
module 2 extracts the ECM control messages from the data 
stream TS(D.EMB.) and replaces them, in the data stream 

30 TS'(D.EMB.) transmitted to the decoder, with stuffing 
packets. This variant is represented diagrammatically via 
the link 28 shown dashed. 

According to a second variant embodiment, the 
demultiplex 22, contained in the module 2, extracts the 

35 video or audio data packets corresponding to the 
programme which the user wishes to view and it transmits 
them in the data stream TS'(D.EMB.) so that they are 
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received directly by the descrambler 16 of the decoder. 
This variant is represented diagrammatically by the link 
27 shown dashed. 

Also represented dashed in Figure 2 is a smart 
5 card 4 which can be inserted into the decoder 1 and which 
belongs to the conditional access system of a second 
service provider. Indeed, the decoder can comprise an 
integrated conditional access system for accessing the 
services of the second provider and furthermore comprise 

10 several connectors for modules 2 so as to access the 
services of several other providers. 

It is for this reason that the decoder comprises 
a demultiplexer 15 and a descrambler 16. The access 
control software application CA' of the second provider 

15 is executed in the microcontroller 11. When the user 
selects a service of the second provider, the stream 
TS(D.EMB.) is transmitted directly to the demultiplexer 
15 via a link 19. This demultiplexer extracts the control 
messages ECM' and transmits them to the secure processor 

20 40 of the smart card 4 which, with the aid of the key K', 
decrypts the control words CW contained in the messages 
ECM' and sends them unenciphered to the descrambler 16, 
so as to descramble the services selected by the user. 

According to a third variant embodiment of the 

25 invention, the data stream TS(D.EMB.) is transmitted from 
the decoder 1 to the module 2 so that the latter extracts 
the control words CW and retransmits them unenciphered to 
the decoder, but unlike the variants mentioned earlier, 
the stream TS(D.EMB.) is not returned via the ITTS 

30 interface to the decoder. Only the control words are 
transmitted to the decoder after having been decrypted by 
the module. The stream TS(D.EMB.) is for its part sent 
directly to the demultiplexer 15 of the decoder via the 
link 19 inside the decoder. 

35 According to a fourth variant embodiment of the 

invention, the control words CW are not transmitted 
unenciphered across the ITCOM interface. They are 
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encrypted by the microcontroller 21 of the module 2 using 
a second key, different from the key K used to encrypt 
the control words upon their transmission in the data 
stream TS{D.EMB.)/ before being transmitted over the 
5 ITCOM interface. This variant thus offers increased 
security since now no element travels unenciphered via 
the interface between the module and the decoder. 

The microcontroller 11 of the decoder 1 will 
therefore have to decrypt, using this second key, the 

10 control words received by the ITCOM interface before 
transmitting them to the descrambler 16. 

In a first embodiment of this variant, the module 
2 and the decoder 1 generate, before a single control 
word travels through the ITCOM interface, a session key 

15 SSK by using the Diffie Hellman protocol, which is well 
known to the person skilled in the art. Thereafter, all 
the control words are encrypted in the module using the 
session key SSK, then are transmitted to the decoder in 
this encrypted form across the ITCOM interface before 

20 being decrypted, using the session key, in the decoder. 

In this embodiment, a different session key is 
generated each session, that is to say each time the user 
selects a programme which needs to be descrambled in the 
module 2 . 

25 In a second embodiment of this variant, the 

decoder 1 and the module 2 each contain a secret key K2 
which is stored in a secure area of the decoder or of the 
module, for example in a secure processor. This secret 
key is unique for each decoder and if several modules are 

30 plugged into the decoder, they all contain the secret key 
of the decoder. 

In this embodiment, the control words are 
therefore encrypted with the secret key K2 in the module 
before being transmitted to the decoder via the ITCOM 

35 interface; they are then decrypted in the decoder using 
the key K2. 
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The principle of the invention is particularly 
advantageous since it makes it possible to harness the 
demultiplexer and the descrambler which are already 
contained in the decoder so as to use them even when the 
5 conditional access system of another provider, contained 
in a detachable module, is used. 

It should be stated in this regard that the 
demultiplexer and the descrambler components have been 
standardized within the framework of the DVB digital 
10 broadcasting standard in particular. Only the conditional 
access system (access control software, decryption 
algorithm and key, smart card, etc.) remains a 
proprietary system of the service provider. 

We shall now describe in greater detail, in 
15 conjunction with Figures 3 and 4, how the control words 
CW are transmitted via the command interface ITCOM. 

The ITCOM interface between the terminal 
(decoder) 1 and the module 2 uses a communication 
protocol which is represented diagrammatically in Figure 
20 3 and which comprises several layers: 

- a "Physical" layer (50, 60) which comprises 
the physical connector and low-level software for 
initializing the communication; 

- a "Link" layer (51, 61) which forms the link 
25 between the Physical layer which deals only with bytes (8 

bits of data) and the higher layer which can deal with 

much larger packets of data; 

a "Transport" layer (52, 62) which optimizes 

the occupation of the data stream by the various session 
30 in progress and which conveys the messages from the 

higher layer to the "Link" layer; 

a "Session" layer (53, 63) which opens, closes 

and manages the sessions in which the messages of the 

applications using the ITCOM interface are transmitted - 
35 Represented in Figure 3 are on the one hand the 

access control application CA 65 which is executed in the 

microcontroller 21 (cf. Fig. 2) of the module 2 and on 
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the other hand a software resource 55 called CAS 
(standing for "Conditional Access Support") of the 
terminal 1. 

This resource CAS defines a certain number of 
5 specific objects intended for use by the access control 
applications of the modules connected to the terminal. It 
communicates with the four layers of the ITCOM interface 
across a " Standard API " (the abbreviation API standing 
for "Application Programming Interface"), the standard 

10 API defining other objects which are used by all the 
resources of the system. 

Likewise, the access control application 65 of 
the module uses the objects defined by the resources of 
the terminal through a standard API , 

15 It was seen earlier that, according to the 

principle of the invention, the control words which are 
decrypted in the module 2 are thereafter transmitted to 
the terminal 1 across the ITCOM interface. In order that 
the control words may "cross" the various layers of the 

20 ITCOM interface, they must be enclosed in specific 
objects, comprehensible both to the application CA and to 
the resource CAS, which will be called "CPTS_CW()" 
hereinafter. Of course, when the control words are 
transmitted encrypted with the aid of a second key (SSK 

25 or K2) as in the fourth variant set forth above, they are 
enclosed, in this encrypted form, in the objects 
CPTS_CW() . 

Figure 4 illustrates the protocol for 
communication between the access control application CA 
30 of the module and the resource CAS of the terminal which 
allows, according to the invention, protection against 
copying. 

The time scale has been represented by two 
downward vertical arrows, 
35 After a first session-opening phase (not 

represented) , the application CA of the module checks 
that the resource CAS of the terminal does indeed support 
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protection against copying over the ITCOM interface. To 
do this, the application CA sends during a step 100 an 
object "CPTS_identification() " which will be defined 
later. The resource CAS responds by sending, in step 101, 
5 an object "CPTS_identif ication_answer ( ) " which indicates 
whether the resource CAS does or does not support 
protection, against copying. In the event of a positive 
response, the application CA of the module then regularly 
sends (steps 102a, 102b, 102i) the control words enclosed 

10 in the objects "CPTS_CW{)" as and when they are decrypted 
by the module. 

Conversely, in the event of a negative response, 
the terminal is not considered reliable. Consequently, 
the control words are not sent to the terminal and the 

15 data of the stream TS(D.EMB.) are not descrambled in the 
terminal- Any appropriate action can be envisaged at that 
moment (displaying of a message destined for the user by 
way of the User Interface resource of the terminal for 
example) . 

20 As seen above, it is necessary, in order to 

implement the protocol of Figure 4, to define additional 
objects over and above those already envisaged in the 
existing standards. 

Identification objects 
25 The function of the identification objects is to 

allow an access control application CA of a module 
supporting protection against copying to check whether 
the terminal to which the module is connected also 
supports protection against copying. That is to say, 
30 whether the resource CAS of the terminal possesses the 
functionality of protection against copying. 

The first object used is the following: 



CPTS_identif ication ( ) { 
35 CPTS_identification_tag 24 bits uimsbf 

Length_field() =0 8 bits uimsbf 

} 
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The notation used here corresponds to that used 
in the aforesaid standard EN 50221 in which the objects 
are generally defined by means of a tag (here the 
5 "CPTS_identif ication_tag") , of a length field 
("Length_field() ") and of parameters which can take 
various values. 

The CPTS_identif ication_tag tag is a number 
defined on 24 bits and the notation "uimsbf" (stemming 
10 from "unsigned integer most significant bit first") 
signifies that this pertains to an unsigned integer whose 
most significant bits (highest order bits) are always 
situated first. 

The "Length_f ield 0 " field defines the length in 
15 terms of number of bytes of the parameters forming part 
of the object. Since here the object 
"CPTS_identif ication 0 " contains no parameter, the length 
• field is equal to zero. 

The second object used is the following: 

20 

CPTS_identif ication_answer ( ) { 

CPTS_identif ication_answer_tag 
Length_field() = 1 
Identif ication_result 

25 } 



24 bitsuimsbf 
8 bits uimsbf 



This "CPTS__identif ication_answer ( ) " object is 
used to indicate whether the resource CAS of the terminal 
does or does not support protection against copying 

30 according to the invention. It comprises a 
"CPTS_identif ication_answer_tag ( ) " tag and a length field 
which is equal to 1 since the object also comprises an 
"Identif ication_result" parameter defined on 8 bits. This 
parameter is for example a Boolean indicating whether or 

35 not protection against copying is supported by the 
resource CAS. 
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Other parameters can be envisaged, for example to 
indicate a version number of the copy protection. 

Contro- word transmission objects 

These objects enclose the control words which are 
5 decrypted in the module. They allow the access control 
application CA of the module to send them, across the 
various layers of the ITCOM interface, to the resource 
CAS of the terminal which can thereafter utilize them by 
transmitting them to the descrambler 16 (Fig. 2) . 
10 These objects have the following format: 



CPTS_CW() { 

CPTS_CW_tag 24 bits uimsbf 

Length__f ield ( ) 

15 MPEG2_stream_type 8 bits uimsbf 

MPEG2_pid 16 bits uimsbf 

Odd_CW 128 bits uimsbf 

Even_CW 128 bits uimsbf 

} 

20 

They comprise a "CPTS_CW_tag" tag, a length field 
"Length_f ield ( ) " and parameters identifying: 

the type of data packet transported (video, 
audio or other data), in "MPEG2_stream_type" defined on 8 
25 bits; 

the PID (standing for "Programme Identifier"), 
that is to say the programme identifier associated with 
the packet transported in "MPEG2_pid", defined on 16 
bits; 

30 - the odd ("Odd_CW") and even ("Even_CW") 

control words defined on 128 bits each. 

Indeed, it is well known that a succession of 
even and odd control words is transmitted in the TS data 
stream, each control word being transmitted in advance 

35 relative to the data packets which are scrambled with 
this control word. The descrambler therefore continuously 
memorizes the even control word serving to descramble the 
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current data packet and the odd control word serving to 
descramble the next packet (or vice versa) . 

The "CPTS_CW()" object comprises, in a first 
embodiment, parameters making it possible to send both an 
5 even control word (in "Even_CW") and an odd control word 
(in "Odd_CW") . It can also comprise, in another 
embodiment, a parameter "CW", on 128 bits, containing the 
control word and a parameter "Type_CW" on 8 bits, 
defining the type, even or odd, of the control word 

10 transmitted. 

Of course, the invention is not limited to the 
exemplary embodiments which are mentioned hereinabove. In 
particular, the person skilled in the art will be able to 
introduce any variant into the definition of the 

15 identification objects and control-word transmission 
objects by adding other parameters to these objects. 

Moreover, although the invention has been 
described with reference to the DVB-CI standard it is not 
limited to the framework of this standard. The invention 

20 can in particular be advantageously applied within the 
framework of the American NRSS (standing for "National 
Renewable Security Standard") standard. 
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CLAIMS 

1. Multimedia digital terminal (1) intended for 

receiving a stream (TS(D,EMB.)) of digital data scrambled 
5 by control words (CW) , said control words being contained 
in said stream (TS(D.EMB.)) in encrypted form, and 
intended to cooperate with a detachable module (2) for 
descrambling said data stream, 

said terminal being able to transmit the 
10 scrambled data stream (TS(D.EMB.)) to the detachable 
module, 

characterized in that it is furthermore capable 
of receiving from said detachable module the decrypted 
control words (CW) , and 
15 in that it comprises a descrambler (16) capable 

of descrambling the digital data stream by using the 
control words (CW) received from the detachable module 
(2) . 

20 2. Digital terminal according to Claim 1, 

characterized in that it is furthermore able to receive 
from the detachable module (2) the scrambled digital data 
stream (TS' (D.EMB. ) ) , said data stream received by the 
terminal not being modified relative to the data stream 

25 (TS(D.EMB.)) transmitted by the terminal. 

3. Digital terminal according to Claim 1, 

characterized in that it is furthermore able to receive 
from the detachable module (2) the scrambled digital data 
30 stream (TS' (D. EMB. ) ) from which, relative to the data 
stream (TS(D.EMB.)) transmitted by the terminal, the data 
packets containing the control words (CW) have been 
removed . 

35 4 . Digital terminal according to one of Claims 1 to 

3, characterized in that said terminal is able to 
transmit the scrambled data stream {TS(D.EMB.)) to the 
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detachable module across a first interface (ITTS) with 
said detachable module, and 

in that it is furthermore capable of receiving 
from said detachable module the decrypted control words 
5 (CW) across a second interface (ITCOM) with said module. 

5. Terminal according to Claim 4, in combination 
with Claims 2 and 3, characterized in that it is 
furthermore able to receive from the detachable module 

10 (2), across said first interface (ITTS), the scrambled 
digital data stream (TS' (D, EMB. ) ) . 

6. Multimedia digital terminal (1) intended for 
receiving a stream (TS{D.EMB.)) of digital data scrambled 

15 by control words (CW) , said stream of data (TS(D.EMB.)) 
containing the control words encrypted using a first key 
(K) , and intended to cooperate with a detachable module 
(2) for descrambling said data stream, 

said terminal being able to transmit the 
20 scrambled data stream (TS(D.EMB.)) to the detachable 
module across a first interface (ITTS) with said 
detachable module, 

characterized in that it is furthermore capable 
of receiving from said detachable module the decrypted 
25 control words (CW) which are encrypted using a second key 
(SSK, K2) before being transmitted across a second 
interface (ITCOM) with the module (2), and 
in that it comprises: 

means for decrypting said control words 
30 received from the detachable module using said 

second key (SSK, K2) ; and 

a descrambler (16) capable of descrambling 
the digital data stream (TS(D.EMB.)) by using said 
decrypted control words (CW) . 

35 

7. Module (2) intended for cooperating with a 
digital terminal according to Claim 1, said module being 
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able to receive from the terminal a scrambled digital 
data stream (TS { D. EMB. ) ) , characterized in that said 
module is furthermore capable of: 

- extracting from the data stream (TS(D.EMB.)) 
5 the control words (CW) having served to scramble the 

digital data; 

- decrypting said control words; and 

- transmitting the decrypted control words (CW) 
to said terminal. 

10 

8. Module according to Claim 1, characterized in 
that it is furthermore adapted for returning the 
scrambled digital data stream (TS' (D. EMB. ) ) to the 
terminal without modifying said stream. 

15 

9. Module according to Claim 1, characterized in 
that it is furthermore adapted for returning the 
scrambled digital data stream (TS' (D. EMB. ) ) to the 
terminal by removing, relative to the data stream 

20 (TS(D.EMB.)) transmitted by the terminal, the data 
packets containing the control words. 

10. Module according to one of Claims 7 to 9, 
characterized in that it is able to receive the digital 

25 data stream (TS(D.EMB.)) across a first interface (ITTS) 
with said terminal (1), and 

in that it is furthermore capable of transmitting 
the decrypted control words to said terminal across a 
second interface (ITCOM) with said terminal. 

30 

11. Module according to one of Claims 7 to 10, 
characterized in that it is able to cooperate with a 
detachable security element (3) for decrypting the 
control words, said module being capable of: 

35 - extracting from the digital data stream 

(TS(D.EMB.)) messages (ECM) containing the encrypted 
control words; 
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transmitting said messages (ECM) to a security 
element (3) inserted into said module; 

receiving from said security element (3) the 
decrypted control words (CW) ; and 
5 - transmitting the decrypted control words to 

the digital terminal (1) with which it cooperates. 

12. Module (2) intended for cooperating with a 
digital terminal according to Claim 6, said module being 

10 able to receive from the terminal a scrambled digital 
data stream (TS{D.EMB.)) across a first interface (ITTS) 
with the terminal (1), characterized in that said module 
is furthermore capable of: 

- extracting from the data stream (TS(D.EMB.)) 
15 the control words (CW) having served to scramble the 
digital data; 

decrypting said control words; and 
encrypting said control words using the second 
key (SSK, K2) ; and 
20 - transmitting said encrypted control words (CW) 

to the terminal across a second interface (ITCOM) with 
said terminal. 

13. Module according to one of Claims 10 or 12, 
25 characterized in that it pertains to a module according 

to the DVB-CI standard and in that the first interface 
(ITTS) of the module is the interface of the transport 
stream according to the MPEG-2 standard and the second 
interface (ITCOM) is the control interface. 

30 

14. Method for descrambling a stream (TS(D.EMB.)) of 
digital data, scrambled by control words (CW) , which is 
received by a multimedia digital terminal (1), said 
control words (CW) being contained in said stream in 

35 encrypted form, the method comprising a first step 
consisting in: 
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transmitting the scrambled data stream 
{TS(D.EMB.)) to a detachable module (2), 

characterized in that it furthermore comprises 
the steps consisting^ for the detachable module (2), in: 
5 - extracting from the data stream (TS(D.EMB.)) 

the control words (CW) having served to scramble the 
digital data; 

decrypting said control words; and 
transmitting the decrypted control words (CW) 
10 to said terminal. 

15. Method for descrambling a stream (TS(D.EMB.)) of 

digital data, scrambled by control words (CW) , which is 

received by a multimedia digital terminal (1), said 
15 stream of data containing said control words (CW) 

encrypted using a first key (K), the method comprising a 

first step consisting in: 

transmitting the scrambled data stream 

(TS(D.EMB.)) to a detachable module (2), 
2.0 characterized in that it furthermore comprises 

the steps consisting, for the detachable module (2) , in: 

- extracting from the data stream (TS(D.EMB.)) 
the control words (CW) having served to scramble the 
digital data; 

25 - decrypting said control words; 

encrypting said control words using a second 
key (SSK, K2); and 

transmitting the encrypted control words (CW) 
to said terminal; and, 
30 for the terminal (1), in: 

decrypting said control words using the second 
key (SSK, K2) ; and 

- descrambling the digital data stream by using 
said decrypted control words. 

35 

16. Method for transferring control words (CW) 

between a module according to one of Claims 7 to 13 and a 
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digital terminal according to one of Claim 1 to 6, 
characterized in that it comprises the steps consisting: 

for the module (2), in sending (100) a first 
identification object ("CPTS_identif ication ( ) ") to the 
5 terminal (1) ; 

for the terminal (1), in sending (101), in 
response to said first object, a second identification 
object ("CPTS_identif ication^answer 0 ") indicating 

whether the terminal is or is not able to receive the 
10 control words from the module (2); and 

for the module (2), in the event of a positive 
response with said second object, in sending (102a, 102b, 
102i) said control words (CW) enclosed in a third object 
("CPTS CWO") . 
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